kubespray/roles/dnsmasq/tasks/main.yml

---
- name: ensure dnsmasq.d directory exists
  file:
    path: /etc/dnsmasq.d
    state: directory
  tags:
    - bootstrap-os

- name: ensure dnsmasq.d-available directory exists
  file:
    path: /etc/dnsmasq.d-available
    state: directory
  tags:
    - bootstrap-os

- name: check system nameservers
  shell: awk '/^nameserver/ {print $NF}' /etc/resolv.conf
  changed_when: False
  register: system_nameservers

- name: init system_and_upstream_dns_servers
  set_fact:
    system_and_upstream_dns_servers: "{{ upstream_dns_servers|default([]) }}"

- name: combine upstream_dns_servers and system nameservers (only for docker_dns)
  set_fact:
    system_and_upstream_dns_servers: "{{ system_and_upstream_dns_servers | union(system_nameservers.stdout_lines) | unique }}"
  when: system_nameservers.stdout != "" and resolvconf_mode != 'host_resolvconf'

- name: Write dnsmasq configuration
  template:
    src: 01-kube-dns.conf.j2
    dest: /etc/dnsmasq.d-available/01-kube-dns.conf
    mode: 0755
    backup: yes
  register: dnsmasq_config

- name: Stat dnsmasq link
  stat:
    path: /etc/dnsmasq.d-available/01-kube-dns.conf
  register: dnsmasq_stat

- name: Stat dnsmasq link
  stat:
    path: /etc/dnsmasq.d/01-kube-dns.conf
  register: sym

- name: Move previous configuration
  command: mv /etc/dnsmasq.d/01-kube-dns.conf /etc/dnsmasq.d-available/01-kube-dns.conf.bak
  changed_when: False
  when: sym.stat.islnk is defined and sym.stat.islnk == False

- name: Enable dnsmasq configuration
  file:
    src: /etc/dnsmasq.d-available/01-kube-dns.conf
    dest: /etc/dnsmasq.d/01-kube-dns.conf
    state: link

- name: Create dnsmasq RBAC manifests
  template:
    src: "{{ item }}"
    dest: "{{ kube_config_dir }}/{{ item }}"
  with_items:
    - "dnsmasq-clusterrolebinding.yml"
    - "dnsmasq-serviceaccount.yml"
  when: rbac_enabled
  delegate_to: "{{ groups['kube-master'][0] }}"
  run_once: true

- name: Apply dnsmasq RBAC manifests
  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/{{ item }}"
  with_items:
    - "dnsmasq-clusterrolebinding.yml"
    - "dnsmasq-serviceaccount.yml"
  when: rbac_enabled
  delegate_to: "{{ groups['kube-master'][0] }}"
  run_once: true

- name: Create dnsmasq manifests
  template:
    src: "{{item.file}}"
    dest: "{{kube_config_dir}}/{{item.file}}"
  with_items:
    - {name: dnsmasq, file: dnsmasq-deploy.yml, type: deployment}
    - {name: dnsmasq, file: dnsmasq-svc.yml, type: svc}
    - {name: dnsmasq-autoscaler, file: dnsmasq-autoscaler.yml.j2, type: deployment}
  register: manifests
  delegate_to: "{{ groups['kube-master'][0] }}"
  run_once: true

- name: Start Resources
  kube:
    name: "{{item.item.name}}"
    namespace: "{{system_namespace}}"
    kubectl: "{{bin_dir}}/kubectl"
    resource: "{{item.item.type}}"
    filename: "{{kube_config_dir}}/{{item.item.file}}"
    state: "latest"
  with_items: "{{ manifests.results }}"
  delegate_to: "{{ groups['kube-master'][0] }}"
  run_once: true

- name: Check for dnsmasq port (pulling image and running container)
  wait_for:
    host: "{{dns_server}}"
    port: 53
    timeout: 180
  when: inventory_hostname == groups['kube-node'][0] and groups['kube-node'][0] in ansible_play_hosts